#!/usr/bin/python
# coding: utf-8

import os, sys, public

# Module-level metadata describing this check.
# NOTE(review): presumably read by name by the panel's scan loader; confirm against the caller.
_title = 'Check the tmp directory for the existence of abnormal Trojan files'
_version = 1.0  # Version
_ps = "Check the tmp directory for the existence of abnormal Trojan files"  # Description
_level = 3  # Risk level: 1. notice (low)  2. warning (medium)  3. danger (high)
_date = '2023-11-22'  # Last updated
# True when the ignore marker file exists. The path is relative, so it is
# resolved against the process's current working directory, and it is
# evaluated once, when this module is executed.
_ignore = os.path.exists("data/warning/ignore/sw_tmp_malware.pl")
# Remediation hints shown with a finding.
_tips = [
    "Delete the detected abnormal Trojan file according to the description",
]
_help = ''
# NOTE(review): this text names nginx, while check_run() only tests fixed file
# paths under /tmp and /var/tmp; confirm the wording matches the intended finding.
_remind = 'This file conforms to the characteristics of a Trojan file. It is recommended to delete and reinstall the nginx server, and conduct a comprehensive security check on the server'


def check_run():
    '''
        @name Start detection
        @author lwh<2023-11-22>
        @return tuple (status<bool>,msg<string>)

        Tests a fixed list of file paths under /tmp and /var/tmp.
        Returns (False, msg) with the matching paths listed in msg when at
        least one exists and is not a directory, otherwise (True, 'Risk-free').
        A True result only means none of these exact paths matched; the
        check looks at names only, never at file contents.
    '''
    # Known indicator paths. The order is kept because it determines the
    # order in which hits appear in the returned message.
    suspect_paths = (
        '/var/tmp/systemd-private-56d86f7d8382402517f3b51625789161d2cb-chronyd.service-jP37av',
        '/var/tmp/systemd-private-56d86f7d8382402517f3b5-jP37av',
        '/tmp/systemd-private-56d86f7d8382402517f3b5-jP37av',
        '/var/tmp/count',
        '/var/tmp/count.txt',
        '/var/tmp/backkk',
        '/var/tmp/msglog.txt',
    )
    # os.path.exists() and os.path.isdir() both follow symlinks, so a symlink
    # at one of these paths is judged by its target: a dangling link or a link
    # to a directory is not reported.
    # NOTE(review): confirm that skipping those cases is intended.
    hits = [
        candidate
        for candidate in suspect_paths
        if os.path.exists(candidate) and not os.path.isdir(candidate)
    ]
    if not hits:
        return True, 'Risk-free'
    return False, 'Abnormal Trojan file has been detected, please delete it ASAP:{}'.format('、'.join(hits))
